Application Security Engineer , AWS Proactive Security
Amazon Web Services (AWS) · Seattle, WA · 2 wk ago
Quality AssuranceFull-time
About the role
AWS Security is dedicated to ensuring the security of various platforms and technologies, including cloud services, IoT, identity and access management, mobile devices, virtualization, and custom hardware. The team is committed to fostering growth and expertise among its members.
Responsibilities
- Analyze the security of applications and services, including performing architecture reviews, threat modeling, code reviews, and security testing.
- Contribute to project and research work as needed.
- Train and provide security guidance to internal development teams.
- Create and maintain security documentation.
- Develop and automate security workflows.
- Deliver and improve upon security metrics.
- Support recruiting efforts.
Requirements
- Bachelor's degree in computer science or equivalent experience.
- Experience in application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development.
- Strong analytical skills, attention to detail, and effective communication abilities.
- At least 2 years of experience in one or more of the following domains: web application development, penetration testing, mobile security, cryptography, public key infrastructure, forensic security, IP security, SSL/TLS, computer viruses and malware, network security, trusted security, trusted execution, threat intelligence, IoT security implications, or authentication.
Preferred Qualifications
- Knowledge of network and web related protocols such as TCP/IP, UDP, IPSEC, HTTP or equivalent.
- Experience working with device technologies under development, familiarity with flashing firmware, basic device debugging, and familiarity with reading/pulling device logs.
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent.